Mozilla blocks Skype add-on: caused 33k Firefox crashes in a week

Mozilla was forced to block the Skype's Firefox toolbar due to severe bugs in …

Mozilla announced yesterday that it will block the Skype Toolbar add-on for Firefox and remotely disable it for existing users. Mozilla was forced to take this extraordinary measure after discovering that severe bugs in the add-on are crippling the browser's performance and stability.

The Skype Toolbar add-on is developed by Skype and comes bundled with the company's popular chat program. The add-on appears to be injected into Firefox automatically during the Skype installation and update process. Its primary function is to identify strings of text in Web pages that look like phone numbers and transparently convert them to links that can be used to automatically dial a call with Skype.

In November, a Mozilla engineer noticed half a dozen reports in the Firefox bug tracker that involved problems caused by the Skype Toolbar. A meta-bug was established to track the issues collectively and facilitate discussion about potential remedies. Mozilla's crash report system also identified the Skype Toolbar as one of the leading causes of Firefox crashes.

Some of the problems that Mozilla uncovered are fairly serious. The toolbar apparently performs its phone number conversion routine after every single DOM mutation, severely impairing the browser's performance. In some builds, the performance hit is so bad that it makes DOM manipulation 300 times slower. The add-on's misbehavior also reportedly causes rendering problems in a number of scenarios.

A Skype employee who joined the discussion in the bug tracker earlier this month offered to bring the issue to the attention of the relevant Skype personnel. Despite that and similar efforts by Skype employees to get the right people involved, Mozilla had enormous difficulty getting into direct contact with the team at the VoIP provider that is actually responsible for the toolbar.

After spending nearly two weeks trying to get somebody at Skype to commit to fixing the problem, Mozilla's Justin Scott finally decided on Wednesday that imposing a block on the add-on had become necessary. In a message posted in the bug tracker, he pointed out that the toolbar had single-handedly caused over 33,000 Firefox crashes in the previous week alone.

"Given the volume of crashes, the extent of the performance impact, the fact that users don't actually choose to install this add-on, and the extension team's lack of response during the weeks we were giving them to solve these issues, we should continue as planned to soft-block all versions of Skype in all versions of Firefox immediately," he wrote. "If these issues are fixed in a future version, we will be happy to reduce the block to only the affected versions. But with 33,000 crashes in the last week, this can't wait any longer for a fix from Skype."

The "soft" block will remotely disable the add-on, but allow users the option of manually turning it back on. The block will be imposed on all versions of the toolbar. Mozilla has previously imposed soft blocks on old versions of the add-on that were known to be problematic, but this appears to be the first time that they have blocked the latest stable version. It's important to note that disabling the add-on will simply sever Skype's browser integration—it won't damage the Skype application itself or impair regular usage of Skype. Mozilla intends to work with Skype to address the toolbar bugs.

66 Reader Comments

While I support Mozilla's decision here, I am slightly amused by the fact that they used a remote kill switch - a charge which is often levied at the feet of closed source developers (most notably, Microsoft) as a kind of boogieman.

Can't say I'm surprised to read this. I stopped using Firefox some time ago due to speed and instability issues - Chrome all the way for me now.

The desktop Skype app is similarly naff - consensus in the forums is that Skype using >70MB of RAM while idle (not even a window open!) is unacceptable - and this rises to 128MB+ as soon as you open the window.

The desktop Skype app is similarly naff - consensus in the forums is that Skype using >70MB of RAM while idle (not even a window open!) is unacceptable - and this rises to 128MB+ as soon as you open the window.

I don't know about you, but I have enough ram not to care if skype's using a little bit extra ram. 128MB isn't a lot when you have 4 or more GB. Also, I checked while I was on a call a few minutes ago and my skype was only using about 40MB.

As long as there's a legit way to bypass the killswitch if I so wish, I don't mind who puts one in.

did you read the article? there is, and it's mentioned

I think that was what loudergood was getting at here - that there's really no problem since it's a soft-block. And I totally agree with Firefox here; it was a 3rd-party add-on that didn't require the express consent or a positive action on part of the user - not usually what comes to mind when you think 'nefarious backdoor kill-switch'.

Although how far these soft-blocks will acclimatize us to having built-in switches in our software is anyone's guess, and the "as long as they *use* it for good purposes" argument is dependent on the good-will of the big corporations - not something i'd put money on.

Now I know the REAL cause of the crashes that have plagued my Firefox installation ever since I installed Skype.

The latest version of Skype is very poor:===* Every time the program starts (not just at installation time), Windows 7 64-bit asks me whether I want to allow Skype to make changes to my computer. NOT fully compatible with Win7-64.* Bundled garbage that is hard to get rid of (who wants a limited Facebook-only browser inside their Skype window? You have to delve into the options to take that away.)* Sprawling, overcomplicated user interface (take us back to the old days PLEASE!)* Lower sound quality (in case you were wondering why Skype was doing all those quality-control surveys a few years ago, it appears they wanted to know how much they could skimp on sound quality before people started looking for alternatives - sound is very tinny now compared to how it was a few years ago).* Reportedly, no way to complain - customer services is nonexistent or impossible to contact (they actually had decent customer service for paying customers, 2-4 years ago, PRIOR to doubling their prices.)

Overall it appears that ever since eBay bought a stake in the company, Skype has become like any other ruthless mercenary business - charge as much as possible and give as little as possible in return. It appears from the latest builds that they've long-since fired all their best programmers and replaced them with a few grovelling minions who will do the management's bidding regardless of how misguided they may be.

I was delighted to hear about this. Skype's habit of injecting the toolbar silently into my Firefox without even asking me or giving me the option to reject it was really getting on my nerves.

I don't know about stability or performance problems, as I always turn it off as soon as I notice it. One does wonder about it crashing Firefox though - if it doesn't include any native code, it really shouldn't be able to do that.

The desktop Skype app is similarly naff - consensus in the forums is that Skype using >70MB of RAM while idle (not even a window open!) is unacceptable - and this rises to 128MB+ as soon as you open the window.

I don't know about you, but I have enough ram not to care if skype's using a little bit extra ram. 128MB isn't a lot when you have 4 or more GB. Also, I checked while I was on a call a few minutes ago and my skype was only using about 40MB.

70mb from Skype, 500mb from generic Windows processes, 80mb for Steam, 100mb for Firefox, so on and so forth... You've already used about 25% of your ram before actually opening any of the things you actually to use.

Where are the cries of outrage and injustice? I guess when a corporation does this its bad but if Open Source community does it its fine.

The outrage you're referencing is from closed source developers unilaterally blocking third party add ons. This generally occurs when the first party has some competing option and is unfairly leveraging its market position to harm the other.

This situation is an open source community that has found a major bug. After spending weeks attempting to get the third party to fix its software, and not receiving any response, they've blocked the bug. Since the Skype software is installed without user consent, it is treated no differently than a virus or deliberate malware. Firefox is also giving the option for manual override of the block, protecting users who accidentally ended up with the software, but not preventing deliberate use of the software.

The two events you're trying to compare have extremely few similarities.

While I support Mozilla's decision here, I am slightly amused by the fact that they used a remote kill switch - a charge which is often levied at the feet of closed source developers (most notably, Microsoft) as a kind of boogieman.

Not the same. Not even close.

Mozilla did not turn off access to something you bought (Amazon), check up on your licenses and shut you down remotely (Microsoft), suddenly switch all development to closed-source and leave users and other developers out in the cold (BitTorrent, DivX), or anything else that remotely resembles the sort of charges previously levied at others in the software, content, and services industries.

Note that none of those other charges are "boogiemen". They all actually harmed real customers and users.

This is Mozilla noticing that another piece of software was quietly wrecking their software and switching their browser's default behavior to ignore said software. That isn't even "kill"; it's "require user to manually enable".

Where are the cries of outrage and injustice? I guess when a corporation does this its bad but if Open Source community does it its fine.

Why would there be any outrage?

1. This is a soft block that a user can fully over-ride.2. They have been in contact with the company responsible for weeks3. They gave them time to fix the problem4. The problem did not get fixed and was causing excessive amounts of crashes.

If they had hard blocked with no user over-ride and did not try to work with the developers to get it fixed then we could have had some outrage.

Skype has turned to shite after the eBay sale. I heard something about the original developers buying it back or something, but you can tell the quality has continued to fall.

* It crashes on me all the time* They show increasingly obnoxious ads, even when you pay for a subscription* They dropped my incoming number without informing me* They then dropped my subscription and switched me over to pay-per-minute without warning me* The number of countries they allow have numbers in is decreasing* They are suffering from increasing numbers of network outages.

They used to have a very good product, but you can't avoid the golden rule:

I'll never understand why an outfit like Skype, or any "major" player in much of any market, would be so unresponsive. It's just incredibly brain-dead to let such bad PR develop, when even generally supportive responses, if not complete fixes, could have helped head this off. It's one thing to let lowly users fend for themselves in forums and the like, it's entirely another to ignore Mozilla, whom they should be treating as a business partner. It speaks volumes about the company, none of it positive. What, it's run by teenagers? Well, most teenagers would know better. (And, apparently, produce cleaner code.)

This action certainly doesn't surprise me, since Mozilla did the exact same thing with the Skype extension perhaps a year ago. I recall being annoyed at the time that it was being auto-disabled, but then realized I really didn't have a strong need for it anyway and stopped being annoyed. I think I'll retain my indifference this time around.

The desktop Skype app is similarly naff - consensus in the forums is that Skype using >70MB of RAM while idle (not even a window open!) is unacceptable - and this rises to 128MB+ as soon as you open the window.

I don't know about you, but I have enough ram not to care if skype's using a little bit extra ram. 128MB isn't a lot when you have 4 or more GB. Also, I checked while I was on a call a few minutes ago and my skype was only using about 40MB.

70mb from Skype, 500mb from generic Windows processes, 80mb for Steam, 100mb for Firefox, so on and so forth... You've already used about 25% of your ram before actually opening any of the things you actually to use.

And then I open a program I intend to use and it uses about another hundred megs. (Or a gig if it's WoW) and I still have plenty left over. :-P

I can probably count on one hand the number of times I've exhausted my desktop's ram. Most those times it's probably because I had a couple virtual machines running in the background and a full software project open in vc++, then decided I wanted to play Crysis. Saving 60MB here and 60MB there on a few apps like skype and steam isn't going to save my computer from that kind of activity.

This isn't new behavior for the Skype plugin. I disabled it a long, long time ago, after I discovered it was killing performance on Firefox. Skype hasn't had two weeks to get this fixed; they've had a year or more. They've just ignored it.

<blockquote>And then I open a program I intend to use and it uses about another hundred megs. (Or a gig if it's WoW) and I still have plenty left over. :-P </blockquote>

Try that same scenario with, say, a skirmish game of Supreme Commander: Forged Alliance on a large map with three AI players: the game will easily suck up more than two GIGAbytes of RAM. It's so extreme that the /3G boot switch is almost mandatory with Windows XP 32-bit.

This has been an issue for a long time. I typically manually disable the skype add-on but it reenables itself when you update skype so sometimes I forget. Usually after the first browser crash I remember to check to make sure it is disabled.

Apple could learn a LOT from Mozilla's communication in this incident. Both involved rejecting third party software from their platform - but I doubt anyone will take issue with Mozilla, and for good reason:1) They proactively contacted the developer and gave a reasonable (maybe too reasonable chance at responding)2) The rejection is "soft", so the user can ignore it if they want. This is somewhat similar to a recent Android Marketplace rejection, where people can always get it themselves if they really want it.3) The issues at hand are also being communicated to the wider community (and presumably the toolbar's users). No second-guessing as to why the action was taken.

The only legitimate reason I can think of for why Apple doesn't do this as well is that their reviewers are understaffed.

It appears from the latest builds that they've long-since fired all their best programmers and replaced them with a few grovelling minions who will do the management's bidding regardless of how misguided they may be.

Let's assume Mozilla can not do that; how would you have suggested to solve the skype software problem. Like Mozilla send you an e-mail and you take care of it by yourself? How? After reading your comment I that you have a genius idea.

I don't need the Skype plugin for my Firefox to crash. It does that very well on it's own. Also, I've never seen my Firefox use 100mb of RAM except immediately after I open it. Start using it and it quickly gobbles up a gig or two.

Where are the cries of outrage and injustice? I guess when a corporation does this its bad but if Open Source community does it its fine.

If I thought I could trust corporations to only use their kill-switches in cases where a third-party add-on is being installed without the user's knowledge and crippling their software (and not simply to protect their business model), and even that only after weeks of attempts to get the third party to fix their buggy-ass software, and to always alert the user to its use and give the option to turn the add-on back on, I'd be fine with them having a kill switch.

Oh, wait, I do trust corporations with that power. At least the one that makes my antimalware solution. Because that's what the Skype toolbar is at this point -- malware.

The desktop Skype app is similarly naff - consensus in the forums is that Skype using >70MB of RAM while idle (not even a window open!) is unacceptable - and this rises to 128MB+ as soon as you open the window.

I don't know about you, but I have enough ram not to care if skype's using a little bit extra ram. 128MB isn't a lot when you have 4 or more GB. Also, I checked while I was on a call a few minutes ago and my skype was only using about 40MB.

70mb from Skype, 500mb from generic Windows processes, 80mb for Steam, 100mb for Firefox, so on and so forth... You've already used about 25% of your ram before actually opening any of the things you actually to use.

And then I open a program I intend to use and it uses about another hundred megs. (Or a gig if it's WoW) and I still have plenty left over. :-P

I can probably count on one hand the number of times I've exhausted my desktop's ram. Most those times it's probably because I had a couple virtual machines running in the background and a full software project open in vc++, then decided I wanted to play Crysis. Saving 60MB here and 60MB there on a few apps like skype and steam isn't going to save my computer from that kind of activity.

So what you're saying is that you don't ever use ram intensive programs and your setup has more ram than is necessary for your use. Now, for the people who actually use the ram in their system, it's a big deal. Even a clean boot with as few services running as possible tends to consume all of your 4gb if you actually use any ram intensive programs.

What "new fad"? Willingness to release new features before they're 100% fixed has been a common occurrence in free downloadable software since the 1990s.

Yes, that used to be the random shareware that you ran at your own risk, most often not written by large technology corporations which are supposed to have a QA department (anti-malware companies excluded, they're just sad and I don't take them into account in my analysis). At least most serious software makers back then pretended to test their software. These days, companies say: "Hi customer, we're releasing this software, mind testing it for us?" without even trying to convince people they tested it first. I blame Google for propagating this mentality.